Chancellor Constance M. Carroll addressed a recent data breach at the San Diego Community College District (SDCCD) Chancellor’s Forum held on Monday Sept. 16. The breach affected several of the district’s websites, including City College, Mesa College, and the SDCCD main website. On Sunday Sept. 15, students and faculty alike experienced a complete loss of access to several websites within the district. As a result, a litany of essential services were temporarily inaccessible. The student portal, mySDCCD, remained uncompromised.
SDCCD students were left scratching their heads, with little to no information regarding the websites’ down time. On Monday during the forum, Carroll announced that the outage was the result of a data hack, stating that, “I am happy to say that no confidential, no personal information was compromised, but this was a horrific experience for everyone to go through.”
SDCCD’s Director of Communications and Public Relations, Jack Beresford confirmed that the hackers had little interest in personal information, with their main objective being simply to extort money from the district, rather than students.
Carroll stated, “…hackers exist to take advantage of that little opening. And so that’s what happened to us. I think something like 90 servers were hacked on Sunday. Mainly at City College, and a ransom demand was also provided. Now we have ransom insurance, but this is not fun and games to deal with.”
However, Beresford stated that ransom was not paid to the hackers. Instead, the situation was resolved solely by SDCCD’s internet technologies department, saying that, “They [the internet technologies department] were able to restore the systems based on a backup they have as a regular process that we use. In many other circumstances the folks that were hacked have no other option than to work with the folks that inserted the malware. In our case, because we have backups, and backup of backups, we were able to restore the system with little to no loss of any kind of data in that process.”
Additionally, Beresford affirmed that preventive measures have been taken to anticipate and avoid further incidents of this nature. “This cannot happen again. We live in an era where we are constantly being attacked, through our information technology systems, individual employees are receiving phishing emails on a regular basis. And so it’s good practice for all of us to follow those safe internet practices… change your passwords, don’t open emails that look suspicious, some things that we’re all going to have to live with.”
Carroll also stated, “It puts into perspective for me how fragile we are in the world. And what can be the innocent opening of a ‘phishing email’ – which is easy to do because a lot of these emails look real, they look absolutely legitimate, how that can lead to a sort of ‘worm hole’ into other countries…”
The cyber security breach proved to be of little consequence for the district, its employees, and the students. In response to the failed attack, safe internet practices will be further stressed among staff, and cyber security will be further emphasized by the internet technologies department, ensuring that any student information will remain safe and confidential.
